Page MenuHomeFreeBSD

arm64 makectx: Fix overflow of tf_x array
ClosedPublic

Authored by jhb on Aug 16 2023, 7:30 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 17, 6:34 PM
Unknown Object (File)
Tue, Jan 14, 2:47 PM
Unknown Object (File)
Tue, Jan 7, 1:46 AM
Unknown Object (File)
Tue, Dec 31, 8:26 PM
Unknown Object (File)
Dec 16 2024, 11:19 PM
Unknown Object (File)
Dec 2 2024, 11:51 AM
Unknown Object (File)
Nov 8 2024, 5:53 PM
Unknown Object (File)
Nov 1 2024, 1:33 AM
Subscribers

Details

Summary

PCB_LR isn't stored in tf_x, so trying to store it as pcb_x[PCB_LR] =
tf->tf_x[PCB_LR + PCB_X_START] overflowed the tf_x array.

Reported by: Morello (bounds check crash)
Obtained from: CheriBSD
Sponsored by: DARPA

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 53141
Build 50032: arc lint + arc unit

Event Timeline

jhb requested review of this revision.Aug 16 2023, 7:30 PM

An alternate fix (that might be cleaner) without breaking the KBI would be to rename pcb_x[PCB_LR] back to pcb_lr.

sys/arm64/arm64/machdep.c
365

Copying my comment on the CheriBSD PR: could move the tf->tf_elr read in here?

In D41485#944895, @jhb wrote:

An alternate fix (that might be cleaner) without breaking the KBI would be to rename pcb_x[PCB_LR] back to pcb_lr.

Eh, assembly relies on them being adjacent and LR is an X register

This revision is now accepted and ready to land.Aug 16 2023, 8:09 PM
sys/arm64/arm64/machdep.c
365

Yeah, that's not a bad idea, and allows the comment to be moved so all the PCB_LR handling is in one place.

This revision now requires review to proceed.Aug 16 2023, 11:00 PM
sys/arm64/arm64/machdep.c
367

My personal taste would be to use i here rather than propagating the constant, as the check's there to change how you read from tf, not how you store to pcb_x.

jhb marked an inline comment as done.Aug 17 2023, 6:39 PM
This revision is now accepted and ready to land.Aug 17 2023, 7:40 PM
This revision was automatically updated to reflect the committed changes.